Exposure of Kibana
JavaScript graphics, Search engines

36 exposure score
3 sites use
1 exploited
8 critical

CVEs
107 results

CVE-2019-7609 | CRITICAL | EPSS 95.3% | KEV
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the

CVE-2018-17246 | — | EPSS 82.3%
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kiban

CVE-2020-7012 | — | EPSS 18.2%
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker wit

CVE-2025-25014 | CRITICAL | EPSS 13.7%
Kibana arbitrary code execution via prototype pollution

CVE-2019-7610 | — | EPSS 3.9%
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpa

CVE-2020-7013 | — | EPSS 2.1%
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB

CVE-2019-7616 | — | EPSS 2.1%
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer

CVE-2018-3830 | — | EPSS 1.9%
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to

CVE-2024-23443 | MEDIUM | EPSS 1.8%
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted

CVE-2024-37287 | CRITICAL | EPSS 1.6%
Kibana arbitrary code execution via prototype pollution

CVE-2017-8452 | — | EPSS 1.4%
Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will

CVE-2019-7608 | — | EPSS 1.3%
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive info

CVE-2018-17245 | — | EPSS 1.3%
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating P

CVE-2024-37285 | CRITICAL | EPSS 1.3%
Kibana arbitrary code execution via YAML deserialization

CVE-2020-7017 | — | EPSS 1.2%
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or cr

CVE-2025-25015 | CRITICAL | EPSS 1.2%
Kibana arbitrary code execution via prototype pollution

CVE-2021-22150 | MEDIUM | EPSS 1.2%
Kibana code execution issue

CVE-2020-7016 | — | EPSS 1.1%
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed

CVE-2016-10365 | — | EPSS 1.0%
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domai

CVE-2024-37288 | CRITICAL | EPSS 1.0%
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted pa